In #240 I tried to improve security by adding a content security policy and refactoring the code to avoid unsafe patterns like inline JavaScript.
5bb9910 went in the opposite direction and re-allowed an unsafe feature (eval). I guess that was required for the new dependency on Alpine.js.
I guess this decision can be justified. However, I also know that there are plenty of similar JavaScript frameworks that do not rely on unsafe features. Is it possible to switch to one of those?
xi changed the title from "Regression: Less safe CSP" to "Regression: Less secure CSP" on Jan 27, 2021
xi linked a pull request on Jul 20, 2021 that will close this issue